Date:      Wed, 6 Dec 2000 10:55:23 -0500
From:      Chris Faulhaber <jedgar@fxp.org>
To:        freebsd-audit@FreeBSD.org
Subject:   libutil diff
Message-ID:  <20001206105523.A52977@peitho.fxp.org>

For today's diff, we present libutil:

- sprintf() -> snprintf()
- do not attempt to manipulate a malloc()'d struct if it is NULL
- strcpy() -> strlcpy()

I could not find any limits/restrictions on the variables used in
the corrected sprintf()/strcpy() calls, so these seem safer.

For more patches up for review, see:
  http://www.fxp.org/~jedgar/FreeBSD/diffs/

-- 
Chris D. Faulhaber - jedgar@fxp.org - jedgar@FreeBSD.org
--------------------------------------------------------
FreeBSD: The Power To Serve   -   http://www.FreeBSD.org

Index: login_class.c
===================================================================
RCS file: /home/ncvs/src/lib/libutil/login_class.c,v
retrieving revision 1.15
diff -u -r1.15 login_class.c
--- login_class.c	2000/07/14 13:56:07	1.15
+++ login_class.c	2000/12/06 15:05:31
@@ -91,8 +91,8 @@
 	    rlim_t	rcur = rlim.rlim_cur;
 	    rlim_t	rmax = rlim.rlim_max;
 
-	    sprintf(name_cur, "%s-cur", lr->what);
-	    sprintf(name_max, "%s-max", lr->what);
+	    snprintf(name_cur, sizeof(name_cur), "%s-cur", lr->what);
+	    snprintf(name_max, sizeof(name_cur), "%s-max", lr->what);
 
 	    rcur = (*lr->who)(lc, lr->what, rcur, rcur);
 	    rmax = (*lr->who)(lc, lr->what, rmax, rmax);
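
Review bot: The second added snprintf() call bounds name_max with sizeof(name_cur); it should be sizeof(name_max), so the bound always tracks the buffer actually being written. The declarations of the two buffers are not visible in this hunk, so this may be harmless if they are the same size, but it reads as a copy-and-paste slip and will become an overflow or a needless truncation if the sizes ever diverge. Also consider checking the snprintf() return values: a truncated "%s-cur" or "%s-max" name would silently be used in place of the intended one.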
Index: property.c
===================================================================
RCS file: /home/ncvs/src/lib/libutil/property.c,v
retrieving revision 1.7
diff -u -r1.7 property.c
--- property.c	2000/11/09 00:28:22	1.7
+++ property.c	2000/12/06 15:05:31
@@ -47,9 +47,11 @@
     properties n;
 
     n = (properties)malloc(sizeof(struct _property));
-    n->next = NULL;
-    n->name = name ? strdup(name) : NULL;
-    n->value = value ? strdup(value) : NULL;
+    if (n != NULL) {
+    	n->next = NULL;
+    	n->name = name ? strdup(name) : NULL;
+    	n->value = value ? strdup(value) : NULL;
+    }
     return n;
 }
 
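
Review bot: The strdup() results on the n->name and n->value lines are still unchecked, so an allocation failure there leaves a NULL field that cannot be told apart from the caller passing NULL for name or value. Consider freeing the partially built node and returning NULL in that case. Since this function can now return NULL where it previously dereferenced the failed allocation, its callers also need to be checked for NULL handling.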
Index: pty.c
===================================================================
RCS file: /home/ncvs/src/lib/libutil/pty.c,v
retrieving revision 1.10
diff -u -r1.10 pty.c
--- pty.c	1999/08/28 00:05:51	1.10
+++ pty.c	2000/12/06 15:05:31
@@ -87,7 +87,7 @@
 					*amaster = master;
 					*aslave = slave;
 					if (name)
-						strcpy(name, line);
+						strlcpy(name, line, sizeof(name));
 					if (termp)
 						(void) tcsetattr(slave,
 							TCSAFLUSH, termp);
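
Review bot: In the added strlcpy(name, line, sizeof(name)) call, name is tested with "if (name)" on the line above, which indicates it is a pointer rather than an array; if so, sizeof(name) is the size of the pointer (4 or 8 bytes), not of the destination buffer. The copy would then be bounded, but the name would be truncated to a few characters and be useless to the caller. The real buffer length is not available in this hunk, so either the length has to be supplied by the caller or the required minimum size of name has to be documented and used as the bound.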

